CVE-2022-26155

{"id": "CVE-2022-26155", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2022-02-28T16:15:08.083", "references": [{"url": "https://github.com/l00neyhacker/CVE-2022-26155", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://help.cherwell.com/bundle/release_notes_10_4_help_only/page/content/release_notes/10_4_0_fix_list.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/l00neyhacker/CVE-2022-26155", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://help.cherwell.com/bundle/release_notes_10_4_help_only/page/content/release_notes/10_4_0_fix_list.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body."}, {"lang": "es", "value": "Se ha detectado un problema en la aplicaci\u00f3n web de Cherwell Service Management (CSM) versi\u00f3n 10.2.3. Un ataque de tipo XSS puede ocurrir por medio de una carga \u00fatil en el par\u00e1metro SAMLResponse del cuerpo de la petici\u00f3n HTTP."}], "lastModified": "2024-11-21T06:53:32.050", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cherwell:cherwell_service_management:10.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D3721F0-4555-4427-8306-78848604C299"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}